On Thu, Jun 23, 2016 at 01:33:05PM +0100 you wrote: > We've been running v3 since its initial release and I > have never experienced any different behaviour. The appointments > are correctly flagged as confidential (if you examine the XML sent > to the client) but I believe this should be handled server-side > (like it is with CalDAV) as I have yet to find a client that honours > this! It is also much safer if data never intended for a client > device is kept centrally and never distributed to it...
Outlook 2013 (ActiveSync) does not send an authentication to the server. Therefore the server handles such free/busy requests as coming from "public". The server answers if "public" has at least permission to date/time of the requested user. Is that really the problem? There must be a way for the server to find out who requests free/busy information. And yes, that must be handled server-side. Greetings -- R. Cirksena -- users@sogo.nu https://inverse.ca/sogo/lists